Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Semantic Web Standards
Presented By: David Shelly
Topics
  SemID Ontology
  Distributed Service Deployment
  Web Services Performance
SemID (Semantic ID) Ontology
Mohammad M. R. Chowdhury
Josef Noll
Juan Miguel Gomez
UniK - University Graduate Center, Kjeller, Norway
Universidad Carlos III de Madrid, Madrid, Spain
http://www.semid.org/
Introduction
Problems Addressed:
  Access control in distributed and dynamic systems
  Privacy issues in project-oriented corporate networks
Ontology Solution:
  Secure access to project resources
  Maintain privacy of members
“Ontologies are [the Semantic Web’s] cornerstone technology, providing structured vocabularies that describe a formal specification of a shared conceptualization.”
Functional Architecture
Formalize the semantics of roles, policies, and rules
Role – Has certain policy or policies assigned to it
Policy – Represents the privilege reserved for each role in a community and expressed through a set of Rules (R1, R2,… Rn)
P = {R1, R2,… Rn}
Rule – Takes an access request as input and results in an action (permit, deny, or not-applicable)
R = {S, R, A}
Example Rules
R = {JosefNoll, Deliverables, Permit }
R = {GeirEgeland, Deliverables, Deny}
Protégé Example
http://protege.stanford.edu/
Web Ontology Language (OWL)
SemID Ontology has 10 properties
  domain – classes to which a property is attached
  range – allowed classes for properties

<owl:ObjectProperty rdf:ID="hasAction">
  <rdfs:domain rdf:resource="#Rule"/>
  <rdfs:range rdf:resource="#Action"/>
</owl:ObjectProperty>
Implementation
Four different policies
  Administrator
  FinalApproval
  Read
  Read/Write

<Policy rdf:ID="Administrator"/>
<Policy rdf:ID="FinalApproval"/>
<Policy rdf:ID="Read"/>
<Policy rdf:ID="ReadWrite"/>
Implementation
Four instances of role
  Project Leader
  Supervisor
  Project member
  Visitor

<Role rdf:ID="Project_Leader">
  <hasVisibilityOfGroup rdf:resource="#Rel9_Project"/>
  <hasPolicy rdf:resource="#Administrator"/>
  <hasPolicy rdf:resource="#FinalApproval"/>
  <hasPolicy rdf:resource="#ReadWrite"/>
</Role>
Implementation
Four properties in Identity Instance
  hasGroup
  hasVisibility
  hasRole
  hasSupervisor

<Corporate_Identity rdf:ID="Erik_Swansson">
  <hasGroup rdf:resource="#Ericsson"/>
  <hasGroup rdf:resource="#Rel9_Project"/>
  <hasVisibility rdf:resource="#Ericsson"/>
  <hasVisibility rdf:resource="#Rel9_Project"/>
  <hasRole rdf:resource="#Project_Member"/>
  <hasSupervisor rdf:resource="#Peter_Johansson"/>
</Corporate_Identity>
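
Added example, not from the slides or the SemID authors: resolving an identity's effective policies by following hasRole and then hasPolicy, and refusing to continue when a reference points at an undefined role or policy. The namespace URI, the policy given to Project_Member and the Dangling_User instance are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
SEMID = "http://example.org/semid#"  # placeholder namespace (assumption)
# Constructed sample modelled on the slides; Project_Member's policy is assumed.
SAMPLE = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns="{SEMID}">
  <Policy rdf:ID="Administrator"/>
  <Policy rdf:ID="FinalApproval"/>
  <Policy rdf:ID="Read"/>
  <Policy rdf:ID="ReadWrite"/>
  <Role rdf:ID="Project_Leader">
    <hasPolicy rdf:resource="#Administrator"/>
    <hasPolicy rdf:resource="#FinalApproval"/>
    <hasPolicy rdf:resource="#ReadWrite"/>
  </Role>
  <Role rdf:ID="Project_Member">
    <hasPolicy rdf:resource="#ReadWrite"/>
  </Role>
  <Corporate_Identity rdf:ID="Erik_Swansson">
    <hasRole rdf:resource="#Project_Member"/>
  </Corporate_Identity>
  <Corporate_Identity rdf:ID="Dangling_User">
    <hasRole rdf:resource="#Contractor"/>
  </Corporate_Identity>
</rdf:RDF>"""

def _refs(elem, prop):
    """Local names referenced by <prop rdf:resource="#X"/> children of elem."""
    return [c.get(f"{{{RDF}}}resource").lstrip("#")
            for c in elem.findall(f"{{{SEMID}}}{prop}")]

def _instances(root, cls):
    """Map rdf:ID -> element for every top-level instance of class cls."""
    return {e.get(f"{{{RDF}}}ID"): e for e in root.findall(f"{{{SEMID}}}{cls}")}

def effective_policies(xml_text, identity):
    """Policies an identity holds via its roles; raises on unresolved references."""
    root = ET.fromstring(xml_text)
    policies, roles, identities = (
        _instances(root, c) for c in ("Policy", "Role", "Corporate_Identity"))
    if identity not in identities:
        raise KeyError(f"unknown identity {identity}")
    granted = set()
    for role in _refs(identities[identity], "hasRole"):
        if role not in roles:
            raise ValueError(f"{identity}: hasRole -> undefined role {role}")
        for pol in _refs(roles[role], "hasPolicy"):
            if pol not in policies:
                raise ValueError(f"{role}: hasPolicy -> undefined policy {pol}")
            granted.add(pol)
    return granted
```

With the sample above, Erik_Swansson resolves to the single policy ReadWrite, while Dangling_User is rejected because its role is never defined.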
Discussion
Advantages of SemID over permissions schemes used in Windows/Linux?
Is the SemID scheme usable? Will companies continuously update projects, roles, and permissions?
Distributed System Deployment
Artin Avanes
Johann-Christoph Freytag
Christof Bornhövd
Humboldt-Universität zu Berlin, Berlin, Germany
SAP Labs, LLC, Palo Alto, California
Introduction
Advantages of Distributed Service Deployment
  Higher system scalability
  Better system response time
  Higher data accuracy
New Challenges
  Increased Dynamics
  Limited Resource Capabilities
  Limited Reliability
  Higher Demand for Scalability
Service Classes
Three Major Service Classes
  Business Logic Services
  Aggregation Services and Data Management Services
  Basic Infrastructure Services
Service Deployment
Service Mapping
Context-Aware Determination of Service Requirements
Group-Based Resource Tracking
Priority Assignment and Query Processing
Distributed Service Injection
Service Deployment
Service Mapping
  Mapping Function
Context-Aware Determination of Service Requirements
Group-Based Resource Tracking
Priority Assignment and Query Processing
Distributed Service Injection
Service Deployment
Service Mapping
Context-Aware Determination of Service Requirements
  Translation Process
Group-Based Resource Tracking
Priority Assignment and Query Processing
Distributed Service Injection
Service Deployment
Service Mapping
Context-Aware Determination of Service Requirements
Group-Based Resource Tracking
  Group-Based Retrieval Algorithm
Priority Assignment and Query Processing
Distributed Service Injection
Group-Based Retrieval Algorithm
Service Deployment
Service Mapping
Context-Aware Determination of Service Requirements
Group-Based Resource Tracking
Priority Assignment and Query Processing
  Two major request classes
  Three strategies to determine priorities
Distributed Service Injection
Priority Assignment and Query Processing
Service Deployment
Service Mapping
Context-Aware Determination of Service Requirements
Group-Based Resource Tracking
Priority Assignment and Query Processing
Distributed Service Injection
  Pair matching
OSGi Prototype Implementation
Example Scenario:
“A wireless sensor network measures the temperature in specific areas of a warehouse, whereas the current temperature values are periodically forwarded to the display of a worker’s PDA. Each worker is equipped with such a PDA and can immediately react if the temperature exceeds a certain threshold to avoid damage of goods or machines.”
Performance Evaluation
List Topology
  No packet merging: $\le O(N) + O(N^2 + N \cdot H) \rightarrow \ll O(n^2 + n \cdot H)$
  With packet merging: $\le O(N) + O(N) \rightarrow \ll O(n)$
Star Topology
  $\ll O(n)$
Binary Tree Topology
  $\rightarrow O(\ln N \cdot N^{\ln 2}) \le O(\ln N \cdot N^{0.7}) \ll O(\ln n \cdot n^{0.7})$